package com.vcredit.creditcat.utils;

import com.vcredit.creditcat.vo.payday.CommonRequest;
import com.vcredit.framework.exception.BaseException;
import com.vcredit.framework.util.JacksonUtil;



public class CommonSecuritUtil {

	public static String getDecryptedData(CommonRequest param, 
		String publicKey, String privateKey) throws Exception {
		String sign = param.getSign();
		param.setSign(null);
		String requsetJson = JacksonUtil.Obj2Json(param);
		Boolean checkResult = RSAUtils.verify(requsetJson.getBytes("UTF-8"),publicKey,sign);

		if (!checkResult) {
			throw new BaseException("签名未通过");
		}

		//获取加密后的biz_data数据
		String bizData = param.getBiz_data().toString();
		String base64encodeData = null;

		//2、如果业务数据是压缩过的，那么先进行解压缩
		if ("1".equals(param.getIs_compress() + "")) {
			//对压缩过的业务参数进行解压缩
			byte[] base64compressData = Base64Utils.decode(bizData);
			base64encodeData = GZIPUtils.uncompressToString(base64compressData);
			param.setBiz_data(base64encodeData);
		}

		//3、合作方使用自己的RSA私钥进行业务参数的解密
		String bidData = param.getBiz_data().toString();
		byte[] bizDataUnBase64 = Base64Utils.decode(bidData);
		byte[] bizResult = RSAUtils.decryptByPrivateKey(bizDataUnBase64, privateKey);

		return new String(bizResult);
	}
}
